Encrypting databases with a new key

You can apply a new encryption key to a Derby database
by specifying a new boot password or a new external key.

Encrypting a database with a new encryption key is a time consuming
process because it involves encrypting all of the existing data in the database
with the new encryption key. If the process is interrupted before completion,
all the changes are rolled back the next time that the database is booted.
If the interruption occurs immediately after the database is encrypted with
the new encryption key but before the connection is returned to the application,
you might not be able to boot the database with the old encryption key. In
these rare circumstances, you should try to boot the database with the new
encryption key.

Recommendation: Ensure that
you have enough free disk space before you encrypt a database with a new key.
In addition to the disk space required for the current size of the database,
temporary disk space is required to store the old version of the data to restore
the database back to it's original state if the new encryption is interrupted
or returns errors. All of the temporary disk space is released back to the
operating system after the database is reconfigured to work with the new encryption
key.

To encrypt a database with a new encryption key:

Use the type of encryption that is currently used to encrypt the
database: